Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e80d7f13 by Salvatore Bonaccorso at 2026-06-20T17:27:42+02:00
Track fixed version for node-undici issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -984,15 +984,15 @@ CVE-2024-27928 (vantage6 is an open-source infrastructure
for privacy preserving
CVE-2024-24769 (vantage6 is an open-source infrastructure for privacy
preserving analy ...)
NOT-FOR-US: vantage6
CVE-2026-9697 (Impact: undici's ProxyAgent silently drops the requestTls
option when ...)
- - node-undici <unfixed> (bug #1140363)
+ - node-undici 8.5.0+dfsg+~cs3.2.0-1 (bug #1140363)
NOTE:
https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g
CVE-2026-9690 (Unauthenticated Arbitrary File Download in WP Media folder
Addon <= 4. ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-9679 (Impact: undici's cookie parser in parseSetCookie
percent-decodes cooki ...)
- - node-undici <unfixed> (bug #1140363)
+ - node-undici 8.5.0+dfsg+~cs3.2.0-1 (bug #1140363)
NOTE:
https://github.com/nodejs/undici/security/advisories/GHSA-p88m-4jfj-68fv
CVE-2026-9678 (Impact: Undici's cache interceptor incorrectly classifies some
respons ...)
- - node-undici <unfixed> (bug #1140363)
+ - node-undici 8.5.0+dfsg+~cs3.2.0-1 (bug #1140363)
NOTE:
https://github.com/nodejs/undici/security/advisories/GHSA-pr7r-676h-xcf6
CVE-2026-9675 (Impact: The undici WebSocket client enforces maxPayloadSize
per-frame ...)
- node-undici <not-affected> (Vulnerable code not present)
@@ -1014,10 +1014,10 @@ CVE-2026-7850 (The WP Magnific Popup WordPress plugin
through 1.0 does not prope
CVE-2026-7300 (Buffer Copy without Checking Size of Input ('Classic Buffer
Overflow') ...)
NOT-FOR-US: RTI Connext
CVE-2026-6734 (Impact: When using Socks5ProxyAgent, undici reuses a single
connection ...)
- - node-undici <unfixed> (bug #1140363)
+ - node-undici 8.5.0+dfsg+~cs3.2.0-1 (bug #1140363)
NOTE:
https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj
CVE-2026-6733 (Impact: Undici's HTTP/1.1 client is vulnerable to response
queue poiso ...)
- - node-undici <unfixed> (bug #1140363)
+ - node-undici 8.5.0+dfsg+~cs3.2.0-1 (bug #1140363)
NOTE:
https://github.com/nodejs/undici/security/advisories/GHSA-35p6-xmwp-9g52
CVE-2026-5667 (Use of Hard-coded Credentials vulnerability in Mitsubishi
Electric Roo ...)
NOT-FOR-US: Mitsubishi
@@ -1413,7 +1413,7 @@ CVE-2026-12199 (A vulnerability in `nltk.app.wordnet_app`
up to version 3.9.3 al
CVE-2026-12165 (The Contest Gallery \u2013 Upload & Vote Photos, Media, Sell
with PayP ...)
NOT-FOR-US: WordPress plugin
CVE-2026-12151 (Impact: The undici WebSocket client enforces maxPayloadSize on
the cum ...)
- - node-undici <unfixed> (bug #1140363)
+ - node-undici 8.5.0+dfsg+~cs3.2.0-1 (bug #1140363)
NOTE:
https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q
CVE-2026-12115 (The Counter Box \u2013 Add Countdowns, Timers & Dynamic
Counters to Wo ...)
NOT-FOR-US: WordPress plugin
@@ -1424,7 +1424,7 @@ CVE-2026-11858 (Quanos SCHEMA ST4 on-premises contains a
local privilege escalat
CVE-2026-11857 (Quanos SCHEMA ST4 on-premises contains a local privilege
escalation vu ...)
NOT-FOR-US: Quanos SCHEMA ST4 on-premises
CVE-2026-11525 (Impact: When undici parses a Set-Cookie header, it accepts any
SameSit ...)
- - node-undici <unfixed> (bug #1140363)
+ - node-undici 8.5.0+dfsg+~cs3.2.0-1 (bug #1140363)
NOTE:
https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m
CVE-2026-11311 (When NGINX Plus is configured as the data plane for NGINX
Gateway Fabr ...)
TODO: check
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e80d7f13f582e6b8b24a2fcadf62f85db843c035
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e80d7f13f582e6b8b24a2fcadf62f85db843c035
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits